Due to its simplicity and enormous library, Python has long been the go-to language of the hacking community, but learning C# can make you a more versatile and in-demand ethical hacker. I’m not suggesting that you abandon Python in favor of C#, but instead use C# on select projects where it makes sense, leaving everything else in Python. C# is a modern, industry-leading language that benefits ethical hackers in many different ways, and learning it is a strategic move for any ethical hacker.
Benefits of C#
- Performance – C# applications are pre-compiled, and the language relies on strict data types, which help provide better performance.
- Compatibility – .NET is open-source and works on Windows, Linux, and the Mac.
- Enterprise – Better understanding of applications used in large organizations.
- Learning – The syntax used in C# is similar to that of C, C++, Java, and JavaScript, so the learning curve is low. On the other hand, Python uses its own unique syntax, and if that’s all you know, you’re doing yourself a disservice.
- Supported – Microsoft updates .NET and C# annually and is very diligent about backward compatibility. As with Python, there are extensive third-party packages and libraries available for use.
Performance and Speed
In my C# 101 for Hackers course, I begin the course by comparing a small C# application to a similar application written in Python. The Python code executes the application in 52 seconds, while the equivalent code in C# takes only 2 seconds to run. The difference is that Python is interpreted while C# is compiled. This doesn’t make Python a bad choice, but it does mean that there are cases where C# would be a better choice, which can reduce the time and effort it takes to perform some tasks.
So, which tasks is C# better at than Python? C# is significantly faster than Python for computationally heavy tasks. This performance comes from the fact that C# is compiled while Python is interpreted. This means that the source code you write in C# is converted into bytecode, something much closer to what your PC understands, allowing for much faster execution. Python, on the other hand, has to read each line of code, figure out what it does, convert it to bytecode, and then run it. If you have a loop that repeats something multiple times, C# is always ready to go, while Python has to re-interpret the code on each iteration.
It also doesn’t help that Python is a dynamically typed language, which means that a variable created in memory can be an integer when created, but as your script executes, that same variable can become a string or any other data type. This requires Python to type-check every variable at runtime, which can slow down performance. This dynamic typing also leads to higher memory usage. C#, on the other hand, uses static typing, so a variable created as an integer remains an integer for the duration of your application’s run. This static typing leads to fewer logic errors, better performance, and a much more efficient memory footprint. Additionally, C# utilizes direct memory access and works with your system’s stack and heap memory. This makes C# ideal for large-scale data processing, database operations, and numerical computations such as calculating hashes.
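The following sketch is an added example, not code from the course or from the original article. It runs a hash-heavy loop with statically typed, stack-allocated buffers and reports the elapsed time and the heap memory allocated while hashing. It assumes .NET 6 or later; the record contents and iteration count are constructed for illustration.

```csharp
using System;
using System.Buffers.Binary;
using System.Diagnostics;
using System.Security.Cryptography;
using System.Text;

const int Iterations = 1_000_000;   // constructed workload size
const int Sha256Bytes = 32;         // SHA-256 always yields 32 bytes

// Both buffers live on the stack: fixed size, fixed type, nothing for the
// garbage collector to track.
Span<byte> record = stackalloc byte[64];
Span<byte> digest = stackalloc byte[Sha256Bytes];
Encoding.ASCII.GetBytes("constructed-sample-record").CopyTo(record.Slice(4));

// digest = "text";  // would not compile: a Span<byte> can never become a string

long allocatedBefore = GC.GetAllocatedBytesForCurrentThread();
Stopwatch timer = Stopwatch.StartNew();

for (int i = 0; i < Iterations; i++)
{
    // Vary the first four bytes so every iteration hashes different input.
    BinaryPrimitives.WriteInt32LittleEndian(record, i);
    // Writes the digest into the existing stack buffer instead of returning a new array.
    SHA256.HashData(record, digest);
}

timer.Stop();
long allocated = GC.GetAllocatedBytesForCurrentThread() - allocatedBefore;

Console.WriteLine($"Hashes computed : {Iterations:N0}");
Console.WriteLine($"Elapsed         : {timer.ElapsedMilliseconds} ms");
Console.WriteLine($"Heap allocated  : {allocated:N0} bytes");
Console.WriteLine($"Last digest     : {Convert.ToHexString(digest)}");
```

Save it as Program.cs in a project created with `dotnet new console` and run it with `dotnet run -c Release`; timings depend on the machine, so compare runs only on the same hardware.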
Compatible with Windows, Mac, and Linux
One of the original arguments for not working with C# was that it only ran on Windows and required a proprietary IDE (Microsoft Visual Studio) to work. That’s not the case today, and .NET works on Windows, Macs, and Linux machines. Setup is also a breeze, and all of the tools, as well as the language itself, are open-source.
.NET also includes a robust CLI, so working within the terminal is not only possible but encouraged. With the .NET CLI, you can create console applications, web applications, APIs, and more, all with simple commands. Additionally, you can compile and run your applications directly from the command line, allowing you to execute C# applications remotely via SSH. Finally, editing can be done in Visual Studio Code or any text editor of your choice. Even Vim or nano are perfectly acceptable if you so choose.
Setup on Kali Linux
One of the easiest ways to set up .NET on Kali Linux is to use PimpMyKali 2.0, a script written by Dewalt at TCM Security, which helps automate many tasks in Kali and provides a great deal of support for TCM Security courses, such as my C# 101 for Hackers course. Using PMK 2.0, you can download and install the latest version of .NET, Visual Studio Code, and several extensions that make working with C# in Kali easy. The entire process takes less than a minute and provides a full development environment.
Common Enterprise Language
C# and .NET have long been used in enterprise settings. This comes from the support, tooling, and convenience that Microsoft has provided to its customers over the years. Since .NET is available on most Microsoft Windows OS environments, it makes it an easy choice when an organization has to create internal tools for use. Additionally, the above performance benefits allow an organization to launch public-facing products with fewer server and infrastructure needs, plus .NET also scales quite well and is designed for large traffic loads. These reasons make it a natural choice for many organizations.
Know Your “Adversary”
Because C# is widely used to build web applications, desktop software, mobile applications, and many cloud-based services, ethical hackers who understand and work with C# are at an advantage for several reasons. That understanding may help you get the client in the first place. Additionally, by knowing the language and its quirks and features, ethical hackers can better plan their attack vectors, having a foundation of how the application is likely to behave. Finally, understanding C# enables you to conduct white-box testing of enterprise apps, where you’ll have access to the source code.
Learning C# vs Python
My course allows you to get your feet wet when it comes to C#, but there’s a lot more to learn and do with the language than I cover in the course. And while there are many books, online courses, and tutorials that can help you move your knowledge forward, one of the best ways I know to adapt to a new language is just to force yourself to use it. Reach for that C# program every time you want to write a Python script, and within a year, you will be a proficient C# developer.
Learn Useful Syntax
The nice thing about C# is that it is very similar in syntax to Java and the C / C++ languages. Even JavaScript shares some semblance when it comes to code syntax. That means that while you’re learning C#, you will likely also be able to read and understand Java, Kotlin, and other C-style syntax languages. This also means you’ll have a shorter learning curve, especially if you’ve worked with any of these languages.
Better Programming Habits
The compiled nature, strong typing, and compile / runtime error checking will also make you a better programmer. Python is easier to work with because it allows you to take major liberties with data structures and the efficiency of your code. With C#, you’ll be learning good patterns and practices and efficient ways of handling various situations.
In contrast, Python relies heavily on the placement of code and indentation. While on the surface, this is a benefit, it is less structured and more error-prone. I would much rather see a set of curly braces defining a block of code rather than the number of spaces each line is indented. For short, simple scripts, this is OK, but once you get into large application-style scripts, this quickly becomes more difficult to read and work with.
C# Assistance with AI
Artificial Intelligence is also a major part of Microsoft’s initiatives, and GitHub Copilot and ChatGPT are very well-trained in Microsoft code. Microsoft also recently announced a free tier that allows GitHub Copilot to be used for free within Visual Studio Code. While I wouldn’t use its code directly in production applications, using Copilot to write many different types of tools can be beneficial. Copilot will show you methods and ways of structuring your code, which may not be apparent to a new user, and it will help you solve some of the hurdles you may encounter while trying to write C# applications. And taking this to the next level with editors such as Cursor is also possible and can be very effective.
Libraries
Both languages offer a huge community and a set of libraries for just about any purpose and need. The public library for C# and .NET is the NuGet repository, and various components, libraries, and frameworks are installed into your application as NuGet packages. NuGet is your package manager as well, with security and version updates available to your application as needed. Python relies on PyPI (Python Package Index), which hosts thousands of libraries and packages that can be installed using the pip command. Like NuGet, this is a centralized repository of publicly available packages. The pip command and .NET CLI work similarly in allowing you to install, update, and manage your libraries.
While my first instinct was to count the number of packages on PyPI and then contrast that with the number of packages on NuGet, I realized that it wouldn’t be a fair comparison. More is not always necessarily better, and I believe PyPI hosts many more packages than NuGet. That said, I think quality matters, and since PyPI works for Python 2 and 3, with Python 2 slowly on the decline, I’m going to say that depending on what you want to do, there is likely a NuGet and PyPI library, framework, or component available for you to work with.
As a quick mention, there are several ethical hacking-related frameworks available for C# as well, including SharpHound, an Active Directory enumeration framework, Seatbelt, a post-exploitation reconnaissance tool, and Rubeus for attacking Kerberos servers.
Updates and Support
One of the best reasons to learn C# is that it is under active development. Every year, we get a new version of .NET, with more and more features, and along with that, we get a new iteration of C#, also with a major set of improvements and enhancements. Microsoft is always careful to ensure full backward compatibility, and moving from version to version of .NET is as easy as simply selecting the new framework and C# version. Backward compatibility is an important distinction between C# and Python.
Python 3 was released in 2008 and handled everything from the print statement to basic math in a different way than Python 2. In the industry, we call these “breaking changes”: any change that forces us to rewrite code against the new functionality before our applications work again. And while Python 2 was deprecated in 2020, it is still in use today. This makes some scripts difficult to run and work with. Multiple versions of Python may have to be installed, and developers may still have to keep track of the old way of doing things and the new way. None of these problems exist in the modern ecosystem of C# and .NET.
C# for Improvement and Advancement
Python is a fantastic language and isn’t going anywhere. It is an essential part of an ethical hacker’s toolkit. But adding C# to your arsenal can be a game-changer. It’s faster, more modern, and more aligned with enterprise environments. From faster brute-force attacks to easier ASP.NET testing, learning C# gives you a sharper edge in ethical hacking. Setup is simple, and there are many third-party libraries, frameworks, and components to work with, and you’ll be learning good programming habits and hygiene. While I don’t recommend replacing Python, I do recommend adding C# to your workflow. You’ll see your productivity and skills improve. Learning new things is almost always our goal. Learn C#.
If you want to learn more about adding C# to your skillset, check out my C# 101 for Hackers course. The course will take you from learning beginner-friendly C# and .NET basics to hands-on exercises where you will build your own applications. Depending on where you are in your ethical hacking journey, you can learn and demonstrate your skills through certifications like the Practical Junior Penetration Tester (PJPT) certification (for entry/associate level skills) or the Practical Network Penetration Tester (PNPT) certification (for intermediate/professional level skills).
About the Author: Alex Tushinsky
Alex has over three decades of expertise in software development, application architecture, cybersecurity, and technical education. As a lifelong learner, he holds more than twenty active IT certifications and is a Microsoft and CompTIA Certified Trainer. Alex’s passion for sharing his knowledge has led him to teach at numerous institutions, including Rutgers University, Bergen Community College, County College of Morris, College of Southern Nevada, and the University of Nevada, Las Vegas (UNLV). Additionally, he is the author of numerous online courses on platforms such as Pluralsight and TCM Academy, including our C# 101 for Hackers course.
Alex holds a Bachelor of Science in Software Development and a Master’s in Cybersecurity and Information Assurance from Western Governors University. His passion for software development has led him to work at Fortune 500 organizations such as PepsiCo, Intel Corporation, Gen Re, and several smaller businesses, where he has worked on enterprise software development projects primarily in C# and Java. In the cybersecurity field, Alex has worked as a Chief Information Security Officer and is a consultant to several small and mid-sized organizations, where he educated and provided guidance on the importance and proper use of information security. Currently, he is the Chief Technology Officer at TCM Security.
When not working, Alex spends his time with his wife and many pets, including two cats and three Boston Terrier dogs. He is an active runner and cyclist and is an ethical and health-conscious vegan.
About TCM Security
TCM Security is a veteran-owned, cybersecurity services and education company founded in Charlotte, NC. Our services division has the mission of protecting people, sensitive data, and systems. With decades of combined experience, thousands of hours of practice, and core values from our time in service, we use our skill set to secure your environment. The TCM Security Academy is an educational platform dedicated to providing affordable, top-notch cybersecurity training to our individual students and corporate clients including both self-paced and instructor-led online courses as well as custom training solutions. We also provide several vendor-agnostic, practical hands-on certification exams to ensure proven job-ready skills to prospective employers.
Pentest Services: https://tcm-sec.com/our-services/
Contact Us: sales@tcm-sec.com